General
-
Target
Jocgxblhndavxxxaphkcttrxyhlqlqsksn.exe
-
Size
1.1MB
-
Sample
211019-j96bfafdf7
-
MD5
b2d5a3d3b40b296e10b560c3fb0aa767
-
SHA1
61c2ddc66b425a8f6a0a7cec2c624ba2f6ffc78d
-
SHA256
22dd73a06a3bff8a7866c95b5191aa6a7b57d67d632b2373235e7b2ba4fd46fa
-
SHA512
b7b2c2173a782a7c842b2d69fa7b12eb89639d9b05563a1716eeb0b136c6a09dd8dde34f0240268854ea22a75b412cfb9b2acd619ad7ebe61b6e5feda1e3f330
Malware Config
Extracted
netwire
217.64.127.195:5455
184.75.223.211:5455
141.98.101.133:5455
64.42.179.67:5455
128.127.105.184:5455
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
- install_path
- keylogger_dir
-
lock_executable
true
-
mutex
swTUnXMp
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
true
Targets
-
-
Target
Jocgxblhndavxxxaphkcttrxyhlqlqsksn.exe
-
Size
1.1MB
-
MD5
b2d5a3d3b40b296e10b560c3fb0aa767
-
SHA1
61c2ddc66b425a8f6a0a7cec2c624ba2f6ffc78d
-
SHA256
22dd73a06a3bff8a7866c95b5191aa6a7b57d67d632b2373235e7b2ba4fd46fa
-
SHA512
b7b2c2173a782a7c842b2d69fa7b12eb89639d9b05563a1716eeb0b136c6a09dd8dde34f0240268854ea22a75b412cfb9b2acd619ad7ebe61b6e5feda1e3f330
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Adds Run key to start application
-
Drops file in System32 directory
-